As of early 2026, more than 50% of fraud now involves artificial intelligence as a catalyst, and nine in ten banks already use AI to detect it.
Payment fraud in the UK has reached unprecedented levels. According to the banking and finance industry body, UK Finance’s fraud report, in the first half of 2025, £629 million was stolen through authorised and unauthorised methods, with more than 2.09 million confirmed cases of unauthorised fraud. This constitutes a 17% year-on-year rise. Remote purchase fraud, where stolen card details are used online, surged 22% in the first half of 2025, compared to the same period in 2024, and is now the most common attack vector.
At the same time, fraudsters have embraced AI as a weapon. From deepfake voice calls to synthetic identities and hyper-personalised phishing, AI has supercharged fraud. More than 50% of fraud attempts now use AI techniques. Yet the technology is also becoming the strongest defence: nine in ten UK banks already deploy AI in their fraud detection strategies.
The message is clear: only AI can fight AI. And critically, AI systems need assurance, governance and regulatory alignment to deliver results without introducing new risks.
The following actions highlight how banks, regulators and partners can harness AI effectively to combat fraud while keeping defences trustworthy, compliant and resilient.
1. Strengthen behavioural analytics with ‘Segment-of-One' profiling
Traditional fraud detection relies on rules and thresholds: block large transactions, flag unusual geographies, and so on. These blunt tools are easily gamed.
AI now enables hyper-granular monitoring of each person’s unique behaviour, known as Segment-of-One profiling. This covers subtle patterns like mouse movements, typing cadence, mobile touch pressure, and normal transaction rhythms. Even with correct credentials, deviations in behaviour reveal attacks.
To stay ahead, banks must invest in behavioural biometrics monitoring hundreds of real-time data points and continually train models on evolving attack patterns — particularly for mobile-first fraud, which rose 11% after iOS updates enabled remote access scams.
2. Deploy real-time AI decisioning for transactions
Fraud occurs in milliseconds; stopping it requires the same speed. Mastercard and others are expanding AI-powered real-time insights to UK banks, enabling transaction checks before funds leave accounts.
These systems assess hundreds of factors simultaneously — device integrity, network anomalies, location patterns — and return a fraud score in under 300 milliseconds.
For effectiveness, these engines must remain explainable to meet FCA accountability requirements, while integrating tightly into payment rails to reduce false positives and negatives without harming customer experience.
3. Embed AI into open banking fraud prevention
Open banking has spurred innovation — but also new attack vectors.
Replacing insecure screen-scraping with AI-enhanced API monitoring that detects anomalies in real time will be crucial, as will intelligence sharing across participants. By flagging compromised accounts or mule behaviour before transactions spread, banks can protect open banking without slowing growth.
4. Harness collaborative AI threat intelligence
Fraud is borderless: 75% of UK e-commerce fraud links to overseas merchants according to UK Finance. No single bank can see the whole picture, which is why UK Finance’s 300-member collaborative network is so valuable.
The next step is AI-powered mining of shared datasets for cross-institution patterns — such as mule recruitment or deepfake campaigns — that would otherwise remain hidden. Participation in collaborative AI platforms will turn collective knowledge into stronger collective defence.
5. Invest in mobile-first AI defences
As banking shifts to mobile, criminals exploit remote-access tools and malware to bypass device security. Remote access fraud has contributed to the overall growth in mobile first fraud and is expected to continue rising.
AI models need training on mobile-specific behaviours such as swipe dynamics, tilt, and habitual app switching. They must also recognise signs of remote-control activity, like identical device fingerprints accessing multiple accounts. By adapting biometrics to mobile, banks can close one of the fastest-growing fraud channels.
6. Prepare for quantum-enhanced fraud and defence
The UK government is investing £121 million in quantum technology to tackle crime, fraud, and money laundering, which signals both a risk and an opportunity. Quantum computing could undermine current cryptography, enabling criminals to break encryption. But it also promises transformative fraud detection through faster pattern recognition.
Banks should start migrating to quantum-resistant cryptography now, while also exploring quantum-ready AI that could one day supercharge fraud pattern recognition.
7. Align AI fraud prevention with regulation
The UK is a global pioneer in fraud regulation, introducing mandatory reimbursement for Authorised Push Payment (APP) fraud in 2024. This has already led to 86% of eligible losses being returned to victims. But compliance demands AI models that are both accurate and explainable — regulators must understand why a transaction was blocked or reimbursed.
Building algorithmic accountability frameworks that document decision logic, alongside regular audits for FCA and PSR compliance, will be critical to sustaining public trust and preventing discriminatory outcomes.
8. Tackle synthetic identities and deepfakes with AI
Fraudsters are increasingly deploying AI to fabricate entirely new identities, complete with convincing voice, image and video evidence. These bypass traditional ID checks and even fool biometrics.
To counter this, banks must deploy multi-layered verification that combines biometric checks with behavioural analysis, device reputation, and cross-platform correlation. AI models must also be trained to detect deepfake artefacts, from unnatural facial micro-expressions to irregular voice patterns that escape human notice.
9. Create fraud orchestration platforms
The long-term vision for UK banks should be integrated fraud orchestration platforms. These systems unify transaction monitoring, behavioural biometrics, open banking APIs, reimbursement workflows and regulatory reporting into a single AI-driven ecosystem.
Moving from siloed detection tools to orchestration gives banks visibility across all interactions while automating compliance reporting, cutting costs and boosting transparency.
The fraud war is no longer about reacting to losses; it is about preventing attacks through AI-driven intelligence. UK banks that invest now in behavioural analytics, real-time monitoring, open banking security and collaborative threat sharing will protect customers, reduce compliance costs, and secure competitive advantage.
AI is both the fraudster’s weapon and the bank’s shield. The institutions that learn to wield it most effectively will define the future of safe payments.
Expleo's strategic approach to UK payment security
A trusted partner for AI assurance, Expleo is helping UK banks to ensure their defences are robust, explainable, and compliant.
Expleo’s UK-focused frameworks prioritise FCA compliance and PSR mandatory reimbursement requirements, ensuring AI-powered fraud detection systems provide explainable decisions that satisfy regulatory scrutiny.
By leveraging partnerships with multiple platform partners, Expleo provides secure, PSD2-compliant fraud detection across multiple UK banking relationships, offering real-time transaction monitoring through official bank APIs rather than vulnerable screen-scraping methods.
Looking ahead, Expleo’s quantum-ready architecture aligns with the UK government’s £162 million quantum investment strategy, embedding quantum-resistant encryption and future-proof fraud detection. Together, these capabilities enable high detection accuracy, faster investigation closure, automated regulatory reporting, and robust protection against sophisticated fraud threats in the UK payments ecosystem.
